NATO defence ministers discuss critical undersea infrastructure protection

NATO Defence Ministers met in Brussels on 14–15 February 2023 to discuss how “to strengthen the Alliance’s deterrence and defence”. One topic on the meeting’s agenda was how to improve the protection of critical undersea infrastructure.

Following the meeting, NATO’s Secretary General Jens Stoltenberg announced the establishment of a Critical Undersea Infrastructure Coordination Cell at the NATO headquarters, which will ‘facilitate engagement with industry and bring key military and civilian stakeholders together’.

Rise in ransomware attacks against manufacturing plants

A recent report by Dragos, a cybersecurity company, highlights the rise in ransomware attacks against critical infrastructure and, in particular, against manufacturing systems. The report shows that the manufacturing sector had at least 437 ransomware attacks in 2022, accounting for more than 70% of these disruptive attacks that industrial organisations had experienced the previous year.

The company identified a total of 605 ransomware attacks affecting the industrial sector in 2022, a 92% increase over the 315 attacks detected in 2021.

The report also explores the activity of two threat groups – Chernovite and Bentonite – that focus on attacking the industrial sector. While Chernovite targets electric, liquid, and natural gas companies in Europe and the USA, Bentonite mainly focuses on attacking maritime oil and gas companies, governments, and the manufacturing sector.

UK raises concern over Russian hacking group

The UK raises concern over an alleged information-gathering operation that has targeted numerous actors in government, politics, education, defence, journalism, and activism, carried out by a hacking group with ties to Russia called Cold River.

The National Cyber Security Centre (NCSC), a division of the British government’s GCHQ spy agency, warned that Cold River conducts research on its targets and impersonates people around them using false email accounts and social media profiles. The Russian embassies in London and Washington did not immediately answer email requests for comment on the NCSC’s remarks. The Russian government was not specifically named as the source of the cyberattacks in the advisory.

US authorities shut down Hive ransomware variant networks

The US Department of Justice announced that it seized the networks of a major international ransomware variant named Hive. The Hive ransomware was responsible for extorting and attempting to extort millions of dollars from victims in the USA and around the world, Attorney General Merrick B. Garland stated. More than 1,500 victims worldwide were targeted, including hospitals, schools, financial firms, and critical infrastructure, with an estimated loss of more than $150 million.

Saudi Arabia targeted by the Iranian threat actor’s new identity

Cobalt Sapling, an Iranian threat actor, has been seen developing a new identity known as ‘Abraham’s Ax’ to use Saudi Arabia as political leverage.

The information was discovered by cybersecurity researchers at Secureworks’ Counter Threat Unit (CTU), who released an advisory about the new threat on January 26. In a report emailed to Infosecurity, Secureworks stated that the development of Abraham’s Ax and its attacks on Saudi government ministries illustrate its political intentions.

Lazarus group responsible for virtual currency theft

The Federal Bureau of Investigation (FBI) confirmed that the DPRK cybercriminal group, Lazarus, is responsible for stealing $100 million of virtual currency from Harmony’s Horizon Bridge. The FBI found that the portion of the stolen Ethereum, laundered during the June 2022 heist, was sent to virtual asset providers and converted to bitcoins.

Russia experienced record numbers of DDoS attacks in 2022

The biggest internet service provider in Russia, Rostelecom, reports that 2022 saw a record number of Distributed Denial of Service (DDoS) attacks against Russian organisations.

According to the Rostelecom report, its experts recorded 21.5 million critical web attacks aimed at approximately 600 organisations from various industries, including critical infrastructure, finance, and the private and public sectors. DDoS assaults accounted for 80% of all cyberattacks directed at Russian entities.

Other findings suggest that 30% of all observed cyberattacks in 2022 targeted the governmental sector, followed by 25% on financial organisations and services and 16% on educational institutions.

With more than 500,000 DDoS attempts found, Moscow was the most often targeted region in 2022. The largest documented attack was 760 GB/sec, while the longest DDoS lasted nearly three months.

New Consolidated Negotiating Document of the Cybercrime Ad Hoc Committee

The fourth session of the Cybercrime Ad Hoc Committee focused on amending the consolidated document prepared by the Chair Committee with the support of the Secretariat on November 7th, 2022. The new version was amended and will be further negotiated in the upcoming sessions. In General Provisions, the protection of human rights was highlighted by the EU and its member states, Canada, and the UK, while also emphasising that state parties shall carry out their obligations under international human rights law treaties.